When configuring a vulnerability scanner for a global organization, what is the BEST way to mitigate the risk of unauthorized access to service accounts?

Creating different accounts for each region limited by logon times is the best method to mitigate the risk of unauthorized access to service accounts. This approach allows an organization to establish more granular control over user access and permissions tailored to specific regional requirements. By limiting the accounts to specific logon times, the organization can reduce the window of opportunity for potential attackers to exploit these accounts.

Additionally, this method ensures that service accounts are only active during designated times, minimizing the risk of them being compromised outside of operational hours. This practice aligns with the principle of least privilege, allowing users to have only the necessary permissions required for their functions while reducing the risks associated with unauthorized access.

The other options suggest different approaches that may not provide the same level of control or flexibility as the chosen option. For example, creating consultant accounts with multifactor authentication might improve security but may be more complex to maintain across regions. A single global administrator account could lead to significant security risks due to the consolidated access it provides. Lastly, guest accounts with blocked password reuse might not be suitable for service accounts needing reliable operational access. Therefore, the chosen answer effectively addresses both security and operational needs.